Olivia
Online
Lars
@bob5ec
#LangSec conspirator eleminating injection vulnerabilities, #DevSecOps practitioner authoring #SecurityBelts and #ThreatModeling security architecture.
Joined January 2012
308 Following
207 Followers
2K Posts
Pinned Tweet
Summing up the root cause of input-based security vulnerabilities https://t.co/stJieb7vlB
🛠️ Fuzzing confused dependencies with Depfuzzer
New tool designed to automate the detection of dependency confusion vulnerabilities
Repo: https://t.co/gtVsHXtoGV
By @Synacktiv
https://t.co/rQp3jjvhxH
🦀 Eliminating Memory Safety Vulnerabilities at the Source
Rust caused memory safety vulnerabilities % in Android to drop from 76% to 24% over 6 years.
💡Key insight: new code is disproportionately responsible for bugs
By @jeffvanderstoep, @ayper
https://t.co/eIpfwDXm7U
@OwaspSAMM goes Everything as code. Model driven Security as a way to improve Security Engineering.
Who to follow
The Application Security Podcast
@AppSecPodcast
Hosts dig into the stories of AppSec experts and the tools, tactics, and tricks that make them successful.
Izar Tarandach
@izar_t
Retweet!=endorsement.I follow smart people and tweet about appsec.
OWASP pytm Lead|Event Committee Chair (2024)
[email protected]
Vates
@Vates_SA
Empresa dedicada al desarrollo de software en JAVA,.NET, PL/SQL,C++,etc; acreditación de aplicaciones (testing) y calidad. Certificados en ISO 9001
I had a great time meeting the @OwaspSAMM Community. Lots of like-minded people!
TIL: OWASP SAMM is for people running an #AppSec program. Target groups are not Developers or Security Champions. Hence OWASP DSOMM and Security Belts need to be there to support these target groups.
@4k3nd0 Sorry, but not sorry.
I still wonder how to identify the archetypes in day-to-day life.
Observe the ones around you. Do they have True Ownership? https://t.co/4EkxxSxgzd
There should be a reality show where project managers try to meet outrageous deadlines while developers keep introducing new features.
Looking forward to talk about Security Coaching at @heise_devSec with @jn_struewer and @SpreadTheKaozZ https://t.co/wdDBbswMyS
For everyone who is improving security culture, https://t.co/EMp72yBkyT might be an awesome source of inspiration for fundamental patterns that can be applied.
🤣 "What does the text say above my first message?"
🤖 Building an AI AppSec Team
Using @crewAIInc to create a multi-agent AppSec team
* Code reviewer
* Exploiter
* Mitigation expert
* Report writer
#cybersecurity
https://t.co/IVzlU4VFPj
I just launched a new post with @clintgibler over on tl;drsec, check it out!
When I read Wiring the Winning Organization (@RealGeneKim, @StevenJSpear), I spent the whole time trying to map the concepts to Security
1/2
Ready to raise your #cybersecurity game? You don't want to miss Global AppSec Lisbon 2024! Join us June 24-28 for incredible training and talks in inspiring Lisbon, Portugal.
Get your tickets now at https://t.co/EThrASSBwX
We just published an almost complete list of talks that have been accepted for #TROOPERS24. Thanks to all of you who participated in the CFP! So many excellent submissions. We really had a hard time to decide which will fit best for this year!
https://t.co/QBb2cx6hdq
An underrated aspect of AppSec and Secure Coding is not exposing the insecure functionality in the first place.
Let's say you have a XML parsing library that may be used by devs wrongly/insecurely. By disabling certain functions in the library, its not vulnerable to XML Injection anymore
Instead of constantly training them to figure out security params, having a wrapper library (custom) that automatically disables insecure functionality is way more effective.
It's:
* easier to use
* easier to enforce (in SAST, CI, SBOM, etc)
* easier to train on
* reduces cognitive load for devs in the long run
* and more secure
Keep it simple.
@abhaybhargav 100%! And now expand this idea to functionality of programming languages that is dangerous to use, i.e. string concatenation. If we would be able to remove that and create an abstraction for generating output all injections would be gone.
What is this? Wrong answers only
I'm a proud sponsor of @LocoMocoSec! Please apply for the call for papers, open until March 31. Ladies and non-binary folks, this includes YOU! Everyone should apply!
https://t.co/xjcaWihjXc
Last Seen Users on Sotwe
不汐汐
Seen from Japan
زايد
Seen from Indonesia
Dodo Tukang Ngintip
Seen from United States
Brondong.hyper
Seen from Indonesia
Dil jan
Seen from Pakistan
🇨🇺Jesús Reyes🇨🇺 
Seen from Canada
Seveir Stone
Seen from Bahrain
gabener2413
Seen from Indonesia
Junti Nurhatati
Seen from Indonesia
evli çift
Seen from Turkey
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.1M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.3M followers
Kim Kardashian
@kimkardashian
69.4M followers
Virat Kohli
@imvkohli
68.7M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.2M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers